aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2016-05-05ssl: Use cipher suite's PRF in prf/5Kenneth Lakin
Use the negotiated cipher suite's PRF algorithm in calls to ssl:prf/5, rather than a hard-coded one. For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This was correct 100% of the time. For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256. This was correct only some of the time for TLS 1.2 and none of the time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5 through another path, the handshaking process used the negotiated PRF and did not encounter this bug. A new test (prf) has been added to ssl_basic_SUITE to guard against future breakage.
2016-05-04Merge branch 'maint-18'Henrik Nord
Conflicts: OTP_VERSION lib/common_test/test/ct_hooks_SUITE_data/cth/tests/ct_update_config_SUITE.erl lib/common_test/vsn.mk
2016-05-04Merge branch 'ingela/ssl-gen-statem/OTP-13464'Ingela Anderton Andin
* ingela/ssl-gen-statem/OTP-13464: ssl: Adapt DTLS to gen_statem ssl: Use gen_statem instead of gen_fsm
2016-05-04ssl: Correct and clean test suiteIngela Anderton Andin
Active option was not handled correctly in all places. Dead code has been removed.
2016-05-03ssl: Adapt DTLS to gen_statemIngela Anderton Andin
DTLS is not in working mode yet, but the gen_statem rewrite should make completion easier.
2016-05-03ssl: Use gen_statem instead of gen_fsmIngela Anderton Andin
Also reduce timing issues in tests
2016-05-03Prepare releaseErlang/OTP
2016-05-02Merge branch 'ingela/ssl-max-session-table/OTP-13490'Ingela Anderton Andin
* ingela/ssl-max-session-table/OTP-13490: ssl: Adjust max table to work as expected from documentation
2016-05-02Merge branch 'ingela/ssl/signature_algs_bug'Ingela Anderton Andin
* ingela/ssl/signature_algs_bug: ssl: Correct guard expression
2016-05-02Merge branch 'ingela/ssl/cipher_suites'Ingela Anderton Andin
* ingela/ssl/cipher_suites: ssl: Correct cipher suites conversion
2016-04-29ssl: Correct guard expressionIngela Anderton Andin
The guard should check that the TLS version is at least TLS-1.2.
2016-04-29ssl: Correct cipher suites conversionIngela Anderton Andin
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb Please enter the commit message for your changes. Lines starting
2016-04-29ssl: Correct guard expressionIngela Anderton Andin
The guard should check that the TLS version is at least TLS-1.2.
2016-04-29ssl: Correct cipher suites conversionIngela Anderton Andin
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb
2016-04-27Merge branch 'maint-18'Henrik Nord
Conflicts: OTP_VERSION lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl_cipher.erl lib/ssl/src/tls_v1.erl lib/ssl/test/ssl_basic_SUITE.erl
2016-04-26Update release notesErlang/OTP
2016-04-26Merge branch 'ingela/ssl/config-signature-algs/OTP-13261' into maint-18Erlang/OTP
* ingela/ssl/config-signature-algs/OTP-13261: ssl: Prepare for release ssl: Add option signature_algs
2016-04-25ssl: Corrections to cipher suite handlingIngela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2016-04-25ssl: Remove use of crypto:rand_bytes/1Ingela Anderton Andin
ssl already used crypto:strong_rand_bytes/1 for most operations as its use cases are mostly cryptographical. Now crypto:strong_rand_bytes/1 will be used everywhere. However crypto:rand_bytes/1 was used as fallback if crypto:strong_rand_bytes/1 throws low_entropy, this will no longer be the case. This is a potential incompatibility. The fallback was introduced a long time ago for interoperability reasons. Now days this should not be a problem, and if it is, the security compromise is not acceptable anyway.
2016-04-22ssl: Corrections to cipher suite handlingIngela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples
2016-04-14ssl: Adjust max table to work as expected from documentationIngela Anderton Andin
The session table max size should be the configurable value Max and not Max + 1.
2016-04-13Merge branch 'henrik/update-copyrightyear'Henrik Nord
* henrik/update-copyrightyear: update copyright-year
2016-04-06ssl: Prepare for releaseIngela Anderton Andin
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-04-06ssl: Remove default support for use of md5 in TLS 1.2 signature algorithmsIngela Anderton Andin
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-03-24TLS distribution: shut down accept process cleanlyMagnus Henoch
In ssl_tls_dist_proxy:accept_loop/3, handle {error, closed} by exiting normally. This prevents a spurious error report at node shutdown.
2016-03-23Fix transportoption, ssloption, ssloptions types names in the documentationdef_null
2016-03-15update copyright-yearHenrik Nord
2016-03-15Merge tag 'OTP-18.3'Lars Thorsen
=== OTP-18.3 === Changed Applications: - asn1-4.0.2 - common_test-1.12 - compiler-6.0.3 - cosNotification-1.2.1 - cosTime-1.2.1 - cosTransactions-1.3.1 - crypto-3.6.3 - debugger-4.1.2 - dialyzer-2.9 - diameter-1.11.2 - edoc-0.7.18 - eldap-1.2.1 - erl_docgen-0.4.2 - erl_interface-3.8.2 - erts-7.3 - eunit-2.2.13 - hipe-3.15 - inets-6.2 - kernel-4.2 - mnesia-4.13.3 - observer-2.1.2 - orber-3.8.1 - public_key-1.1.1 - runtime_tools-1.9.3 - sasl-2.7 - snmp-5.2.2 - ssh-4.2.2 - ssl-7.3 - stdlib-2.8 - test_server-3.10 - tools-2.8.3 - webtool-0.9.1 - wx-1.6.1 - xmerl-1.3.10 Unchanged Applications: - cosEvent-2.2 - cosEventDomain-1.2 - cosFileTransfer-1.2 - cosProperty-1.2 - et-1.5.1 - gs-1.6 - ic-4.4 - jinterface-1.6.1 - megaco-3.18 - odbc-2.11.1 - os_mon-2.4 - ose-1.1 - otp_mibs-1.1 - parsetools-2.1.1 - percept-0.8.11 - reltool-0.7 - syntax_tools-1.7 - typer-0.9.10 Conflicts: OTP_VERSION erts/vsn.mk lib/test_server/doc/src/notes.xml lib/test_server/vsn.mk lib/webtool/doc/src/notes.xml lib/webtool/vsn.mk
2016-03-14Prepare releaseErlang/OTP
2016-03-02Merge branch 'maint'Henrik Nord
2016-03-02Merge branch 'legoscia/tls_ipv6_dist' into maintHenrik Nord
* legoscia/tls_ipv6_dist: Add inet6_tls_dist, for TLS distribution over IPv6 Conflicts: lib/ssl/src/ssl_tls_dist_proxy.erl OTP-13391
2016-02-25Merge branch 'maint'Ingela Anderton Andin
2016-02-25Merge branch 'legoscia/fix-ssl-example/PR-976/OTP-13363' into maintIngela Anderton Andin
* legoscia/fix-ssl-example/PR-976/OTP-13363: ssl: Modernize utility function Fix ssl example
2016-02-25Merge branch 'maint'Henrik Nord
2016-02-25Merge branch 'legoscia/crl-check-without-dp' into maintHenrik Nord
* legoscia/crl-check-without-dp: Be suspicious of certificates without CRL DPs Refactor ssl_crl_SUITE: extract crl_verify_error/6 OTP-13378
2016-02-25Merge branch 'legoscia/critical-extension-verify-none' into maintHenrik Nord
* legoscia/critical-extension-verify-none: ssl: with verify_none, accept critical extensions OTP-13377
2016-02-23ssl: Modernize utility functionIngela Anderton Andin
Use application:ensure_all_started/2 instead of hard coding dependencies
2016-02-22Fix ssl exampleMagnus Henoch
As recently discussed on the erlang-questions mailing list, this example fails to start the ssl application because ssl depends on asn1 nowadays. Let's future-proof this by using application:ensure_all_started/1.
2016-02-22Merge branch 'maint'Ingela Anderton Andin
2016-02-22ssl: Newer cipher suites now presented correctlyIngela Anderton Andin
Older SSL/TLS versions have cipher suites that look like {key_exchange(), cipher(), MAC::hash()} and the hash function used by the PRF (Pseudo Random function) is implicit and always the same for that protocol version. In TLS 1.2 a cipher suite is {key_exchange(), cipher(), MAC::hash(), PRF::hash()}. Internally a cipher suite is always a four tuple but for backwards compatibility older cipher suites will be presented as a three tuples, however new cipher suites should be presented as four tuples.
2016-02-22ssl: Include options form connect/listen/accept in connection_information/[1,2]Ingela Anderton Andin
Make sure that options only relevant for one role (client|server) is set to undefined when the other role is invoked. As there are many options to ssl, and many are optional, we choose to filter out all undefined options to avoid overwhelming the user with not relevant information. This way there is no need for any special handling of the role specific options which is also nice.
2016-02-19Merge branch 'ia/ssl/remove-default-DES/OTP-13195'Ingela Anderton Andin
* ia/ssl/remove-default-DES/OTP-13195: ssl: Remove DES ciphers from default configuration
2016-02-18ssl: Remove DES ciphers from default configurationIngela Anderton Andin
DES is not considered secure. Also correct 'Server Name Indication' support description.
2016-02-18Merge branch 'bjorn/remove-test_server/OTP-12705'Björn Gustavsson
* bjorn/remove-test_server/OTP-12705: Remove test_server as a standalone application Erlang mode for Emacs: Include ct.hrl instead test_server.hrl Remove out-commented references to the test_server applications Makefiles: Remove test_server from include path and code path Eliminate use of test_server.hrl and test_server_line.hrl
2016-02-18Merge branch 'legoscia/ssl-doc-typos' into maintHenrik Nord
* legoscia/ssl-doc-typos: Fix typos in ssl.xml OTP-13339
2016-02-18Merge branch 'maint'Ingela Anderton Andin
2016-02-18Fix typos in ssl.xmlMagnus Henoch
2016-02-17Be suspicious of certificates without CRL DPsMagnus Henoch
Previously, if certificate revocation checking was turned on, and a certificate didn't contain a CRL Distribution Points extension, and there was no relevant CRL in the cache, then ssl_handshake:crl_check would accept the certificate even if the crl_check option was set to reject certificates for which the revocation status could not be determined. With this change, such certificates will only be accepted if the crl_check option was set to best_effort. The process for CRL validation is described in section 6.3 of RFC 5280. The text doesn't mention any special treatment to be given to certificates without distribution points: it just says "For each distribution point..." (section 6.3.3), which would leave the revocation status undetermined, unless there were "any available CRLs not specified in a distribution point but issued by the certificate issuer". Thus the result of this algorithm should be UNDETERMINED in this case, not UNREVOKED, and the crl_check option should govern how the implementation reacts to this result.